'''Samba''' is a re-implementation of the SMB/CIFS networking protocol, it facilitates file and printer sharing among Linux and Windows systems as an alternative to [[NFS]]. Some users say that Samba is easily configured and that operation is very straight-forward. However, many new users run into problems with its complexity and non-intuitive mechanism. It is strongly suggested that the user stick close to the following directions.

'''Samba''' is a re-implementation of the SMB/CIFS networking protocol, it facilitates file and printer sharing among Linux and Windows systems as an alternative to [[NFS]]. Some users say that Samba is easily configured and that operation is very straight-forward. However, many new users run into problems with its complexity and non-intuitive mechanism. It is strongly suggested that the user stick close to the following directions.

Line 34:

Line 37:

== Server configuration ==

== Server configuration ==

−

The {{ic|/etc/samba/smb.conf}} file must be created before starting the service. Once that is set up, users may opt for using an advanced configuration interface like SWAT.

+

The Samba server is configured in {{ic|/etc/samba/smb.conf}}. Copy the default Samba configuration file to {{ic|/etc/samba/smb.conf}}:

−

+

−

As root, copy the default Samba configuration file to {{ic|/etc/samba/smb.conf}}:

+

# cp /etc/samba/smb.conf.default /etc/samba/smb.conf

# cp /etc/samba/smb.conf.default /etc/samba/smb.conf

Line 68:

Line 69:

This marks the named objects for automatic export to the environment of subsequently executed commands:

This marks the named objects for automatic export to the environment of subsequently executed commands:

−

{{bc|<nowiki># export USERSHARES_DIR="/var/lib/samba/usershares"

+

−

# export USERSHARES_GROUP="sambashare"</nowiki>}}

+

# export USERSHARES_DIR="/var/lib/samba/usershares"

+

# export USERSHARES_GROUP="sambashare"

+

This creates the usershares directory in var/lib/samba:

This creates the usershares directory in var/lib/samba:

−

{{bc|<nowiki># mkdir -p ${USERSHARES_DIR}</nowiki>}}

+

+

# mkdir -p ${USERSHARES_DIR}

+

This makes the group sambashare:

This makes the group sambashare:

−

{{bc|<nowiki># groupadd ${USERSHARES_GROUP}</nowiki>}}

+

+

# groupadd ${USERSHARES_GROUP}

+

This changes the owner of the directory and group you just created to root:

This changes the owner of the directory and group you just created to root:

This changes the permissions of the usershares directory so that users in the group sambashare can read, write and execute files:

This changes the permissions of the usershares directory so that users in the group sambashare can read, write and execute files:

−

{{bc|<nowiki># chmod 1770 ${USERSHARES_DIR}</nowiki>}}

+

+

# chmod 1770 ${USERSHARES_DIR}

+

Set the following variables in {{ic|smb.conf}} configuration file:

Set the following variables in {{ic|smb.conf}} configuration file:

−

{{hc|/etc/samba/smb.conf|2=...

+

−

[global]

+

{{hc|/etc/samba/smb.conf|2=

−

usershare path = /var/lib/samba/usershares

+

...

−

usershare max shares = 100

+

[global]

−

usershare allow guests = yes

+

usershare path = /var/lib/samba/usershares

−

usershare owner only = False

+

usershare max shares = 100

−

...

+

usershare allow guests = yes

+

usershare owner only = False

+

...

}}

}}

+

Save the file and then add your user to the group sambashares replacing "your_username" with the name of your user:

Save the file and then add your user to the group sambashares replacing "your_username" with the name of your user:

+

# usermod -a -G ${USERSHARES_GROUP} your_username

# usermod -a -G ${USERSHARES_GROUP} your_username

Restart Samba.

Restart Samba.

+

+

# systemctl restart smbd nmbd

Log out and log back in. You should now be able to configure your samba share using GUI. For example, in [[Thunar]] you can right click on any directory and share it on the network.

Log out and log back in. You should now be able to configure your samba share using GUI. For example, in [[Thunar]] you can right click on any directory and share it on the network.

Line 105:

Line 122:

To change a user's password, use {{ic|smbpasswd}}:

To change a user's password, use {{ic|smbpasswd}}:

+

# smbpasswd ''username''

# smbpasswd ''username''

−

−

=== Web-based configuration (SWAT)===

−

−

'''SWAT''' (Samba Web Administration Tool) is a facility that is part of the Samba suite. Whether or not to use this tool remains a matter of personal preference. It does allow for quick configuration and has context-sensitive help for each {{ic|smb.conf}} parameter. SWAT also provides an interface for monitoring of current state of connection(s), and allows network-wide MS Windows network password management.

−

−

{{Warning|Before using SWAT, be warned that SWAT will completely replace {{ic|/etc/samba/smb.conf}} with a fully optimized file that has been stripped of all comments, and only non-default settings will be written to the file.}}

−

−

To use SWAT, two [[systemd]] unit files come with the samba package that allow for socket activation. The SWAT service will be called automatically should a user call on the configured socket. In this case, a TCP connection on a specific port.

−

−

First, review the socket configuration:

−

{{hc|/usr/lib/systemd/system/swat.socket|<nowiki>

−

[Unit]

−

Description=SWAT Samba Web Admin Tool

−

−

[Socket]

−

ListenStream=127.0.0.1:901

−

Accept=true

−

−

[Install]

−

WantedBy=sockets.target

−

</nowiki>}}

−

−

{{Note|By default SWAT will only be available from the localhost, the system the SWAT service is installed on. If SWAT should be available for external connections, copy the unit to {{ic|<nowiki>/etc/systemd/system/swat.socket</nowiki>}}, and replace 127.0.0.1 with your system's LAN ip. i.e. {{ic|<nowiki>192.168.1.80:901</nowiki>}}.}}

−

−

When satisfied with the configuration, start the socket:

−

# systemctl start swat.socket

−

−

Or, should you want to enable SWAT during boot, enable:

−

# systemctl enable swat.socket

−

−

The web interface can now be accessed on port 901 by default:

−

{{ic|http://localhost:901/}}

−

−

{{Note|An all-encompasing [[Webmin]] tool is also available, and the SWAT module can be loaded there.}}

== Client configuration ==

== Client configuration ==

Line 152:

Line 136:

To list public shares on a server:

To list public shares on a server:

+

$ smbclient -L ''hostname'' -U%

$ smbclient -L ''hostname'' -U%

Create a mount point for the share:

Create a mount point for the share:

+

# mkdir /mnt/''mountpoint''

# mkdir /mnt/''mountpoint''

Mount the share using the {{ic|mount.cifs}} type. Not all the options listed below are needed or desirable (ie. {{ic|password}}).

Mount the share using the {{ic|mount.cifs}} type. Not all the options listed below are needed or desirable (ie. {{ic|password}}).

However, storing passwords in a world readable file is not recommended! A safer method would be to use a credentials file. As an example, create a file and {{ic|chmod 600 ''filename''}} so only the owning user can read and write to it. It should contain the following information:

However, storing passwords in a world readable file is not recommended! A safer method would be to use a credentials file. As an example, create a file and {{ic|chmod 600 ''filename''}} so only the owning user can read and write to it. It should contain the following information:

If using '''systemd''' (modern installations), one can utilize the '''comment=systemd.automount''' option, which speeds up service boot by a few seconds. Also, one can map current user and group to make life a bit easier, utilizing '''uid''' and '''gid''' options ('''warning:''' using the uid and gid options may cause input ouput errors in programs that try to fetch data from network drives):

If using '''systemd''' (modern installations), one can utilize the '''comment=systemd.automount''' option, which speeds up service boot by a few seconds. Also, one can map current user and group to make life a bit easier, utilizing '''uid''' and '''gid''' options ('''warning:''' using the uid and gid options may cause input ouput errors in programs that try to fetch data from network drives):

{{Note|Space in sharename should be replaced by {{ic|\040}} (ASCII code for space in octal). For example, {{ic|//SERVER/SHARE\ NAME}} on the command line should be {{ic|//SERVER/SHARE\040NAME}} in ''fstab''.}}

{{Note|Space in sharename should be replaced by {{ic|\040}} (ASCII code for space in octal). For example, {{ic|//SERVER/SHARE\ NAME}} on the command line should be {{ic|//SERVER/SHARE\040NAME}} in ''fstab''.}}

{{Note|Note: The option is user'''s''' (plural). For other filesystem types handled by mount, this option is usually ''user''; sans the "'''s'''".}}

{{Note|Note: The option is user'''s''' (plural). For other filesystem types handled by mount, this option is usually ''user''; sans the "'''s'''".}}

−

This will allow users to mount it as long as the mount point resides in a directory controllable by the user; i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use [[Samba#smbnetfs|smbnetfs]], or grant privileges using [[sudo]].

+

This will allow users to mount it as long as the mount point resides in a directory controllable by the user; i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use [[#smbnetfs|smbnetfs]], or grant privileges using [[sudo]].

Samba is a re-implementation of the SMB/CIFS networking protocol, it facilitates file and printer sharing among Linux and Windows systems as an alternative to NFS. Some users say that Samba is easily configured and that operation is very straight-forward. However, many new users run into problems with its complexity and non-intuitive mechanism. It is strongly suggested that the user stick close to the following directions.

Required packages

Server

Client

Only smbclient is required to access files from a Samba/SMB/CIFS server. It is also available from the official repositories.

Server configuration

The Samba server is configured in /etc/samba/smb.conf. Copy the default Samba configuration file to /etc/samba/smb.conf:

# cp /etc/samba/smb.conf.default /etc/samba/smb.conf

Creating a share

Edit /etc/samba/smb.conf, scroll down to the Share Definitions section. The default configuration automatically creates a share for each user's home directory. It also creates a share for printers by default.

There are a number of commented sample configurations included. More information about available options for shared resources can be found in man smb.conf. Here is the on-line version.

On Windows side, be sure to change smb.conf to the Windows Workgroup. (Windows default: WORKGROUP)

Be sure that your machine is not named Localhost, since it will resolve on Windows to 127.0.0.1.

Save the file and then add your user to the group sambashares replacing "your_username" with the name of your user:

# usermod -a -G ${USERSHARES_GROUP} your_username

Restart Samba.

# systemctl restart smbd nmbd

Log out and log back in. You should now be able to configure your samba share using GUI. For example, in Thunar you can right click on any directory and share it on the network.
When the error You are not the owner of the folder appears, simply try to reboot the system.

Adding a user

To log into a Samba share, a samba user is needed. The user must already have a Linux user account with the same name on the server, otherwise running the next command will fail:

Changing a password

To change a user's password, use smbpasswd:

# smbpasswd username

Client configuration

Shared resources from other computers on the LAN may be accessed and mounted locally by GUI or CLI methods. The graphical manner is limited since most lightweight Desktop Environments do not have a native way to facilitate accessing these shared resources.

There are two parts to share access. First is the underlying file system mechanism, and second is the interface which allows the user to select to mount shared resources. Some environments have the first part built into them.

Manual mounting

Install smbclient from the official repositories. If you want a lighter approach and do not need the ability to list public shares, you need only install cifs-utils to provide /usr/bin/mount.cifs.

To list public shares on a server:

$ smbclient -L hostname -U%

Create a mount point for the share:

# mkdir /mnt/mountpoint

Mount the share using the mount.cifs type. Not all the options listed below are needed or desirable (ie. password).

Add Share to /etc/fstab

However, storing passwords in a world readable file is not recommended! A safer method would be to use a credentials file. As an example, create a file and chmod 600 filename so only the owning user can read and write to it. It should contain the following information:

If using systemd (modern installations), one can utilize the comment=systemd.automount option, which speeds up service boot by a few seconds. Also, one can map current user and group to make life a bit easier, utilizing uid and gid options (warning: using the uid and gid options may cause input ouput errors in programs that try to fetch data from network drives):

User mounting

Note: Note: The option is users (plural). For other filesystem types handled by mount, this option is usually user; sans the "s".

This will allow users to mount it as long as the mount point resides in a directory controllable by the user; i.e. the user's home. For users to be allowed to mount and unmount the Samba shares with mount points that they do not own, use smbnetfs, or grant privileges using sudo.

File manager configuration

Nautilus

Press Ctrl+l and enter smb://servername/share in the location bar to access your share.

The mounted share is likely to be present at /run/user/your_UID/gvfs in the filesystem.

Thunar and PCManFM

For access using Thunar or PCManFM, install gvfs-smb, available in the official repositories.

Go to smb://servername/share, to access your share.

KDE

KDE, has the ability to browse Samba shares built in. Therefore do not need any additional packages. However, for a GUI in the KDE System Settings, install the kdenetwork-filesharing package from the official repositories.

Other graphical environments

There are a number of useful programs, but they may need to have packages created for them. This can be done with the Arch package build system. The good thing about these others is that they do not require a particular environment to be installed to support them, and so they bring along less baggage.

LinNeighborhood, RUmba, xffm-samba plugin for Xffm are not available in the official repositories or the AUR. As they are not officially (or even unofficially supported), they may be obsolete and may not work at all.